The thing that makes last night's new spam campaign newsworthy is the inclusion of a very authentic looking CNN wrapper on the spam.

We received more than 1,400 copies of this spam email so far in the UAB Spam Data Mine. While the subject of the email has always been "CNN.com Daily Top 10", the listed stories are composed of a random mix from the following 84 topics:

`Dark Knight' - download it instantly fo free12-year-old with HIV applauded at AIDS conference16 Police Die in Pre-Olympic Attack6 NFL greats inducted into the pro football hall of fame8-Foot Python Becomes Laundry95-year-old Paul Batman calls Texas -- not Gotham City -- home.A drunken driver slams into car as officer wrote a ticket.A prostitute waits for customersAfghan, NATO troops kill1 7 militants in southern AfghanistanAged Tires: A Driving Hazard?Ancestor of T-Rex dinosaur unearthed in PolandAngry, late, tired passengers make computers crashAttackers kill 16 police at Chinese border postBikers down to bare basics for eco demonstrationBill Clinton and Monika seen againBill Clinton Regrets, 'I Am Not a Racist'Boy Loses Arm in Gator AttackBoys bounce for 24 hours in world record attemptBreaking Dawn' Book Excerpt Exclusive!Bush urgently flies to AsiaCan a party game reveal flaws in U.S. wiretapping and war plans?Celebrity was seen naked on the beachCheesus! Jesus Spotted in a CheetoChef: sorry for suggesting poison plant in saladChina Rising: Will It Overtake the U.S.?Christina Applegate treated for breast cancerCops May Close Anthrax Probe TodayCorrupt China official betrayed by leaky toiletDinosaurs Come to Life at ExhibitDog Plays Mom for Tiger CubsDog Rides a 'Hog'Don't streak, get drunk or sleep outside at OlympicsDoping scandal rush out before the openingDrunken Man Can't Erase ArrestEdouard Triggers 'Cane Watch for TexasErnest Hemingway look-alikes hit Key West's streets to honor the author.Facebook Grows, but Where's the Profit?FBI reveal sealed docs describing anthrax attack detailsFind you friend online for freeFive Secrets to Get a Bargain on a HouseFunnies: Celebrity Candidates?Furnished Nazi bunkers surface in DenmarkGPS-equipped turtle stumbles upon field of marijuana in a D.C. park.Guinea Pigs Get Dressed ... and EatenHalf-scale replica of German tank built for paintball competition.Harried family forgets 3-year-old daughter at airport.Illusionist Chris Angel races against time in a building set to detonate.In the first surgery of its kind, a German farmer gets a new pair of armsIt's a buyer's market if you know what 'code words' to look for.Kevin Costner appreciates politics and making movies.Key to Biz Success: The Conference Table?Kidnap Dad In Custody, Girl Found SafeMaine island loses trash can mail delivery serviceMan presumed dead in 1976 Colo. flood found aliveMan wins appeal in bizarre gasoline suicide caseMeet the Real BatmanMichael Jackson is sued by his own dogMortgage rates rise to heavensMysterious 'Monster of Montauk'Naked Madonna blows the press conferenceNY girl falls 14 stories, saved by sooty landingObama beats McCainOlympic Sport: Blocking the InternetOlympics-Wear ox pendant to avoid rat clashes, leadersParis Hilton's mom takes offense at McCain's humorPolice killed in west China ahead of GamesPool Parasite Infections on the RiseRig dumps tons of dirt when nature calls driverRussian stocks take hit as govt. looks to nationalize steel, oil companies.Sex and the city forbidden,Social networking sites have lots of users, but no one seems to be buyingSuperheroes Get SandyTeenage Mutant Ninja NARCTehran says it launched nuke missileThe three New Jersey brothers delight teens with fun, wholesome music.Tropical Storm Edouard moving toward Texas coastVet Aids Endangered SharkWar, Spying and Party Game DelusionsWhat Is Microsoft So Afraid Of?Whoopi Kissed a Girl and She Liked ItWill nearly all Americans be obese by 2030? Diet experts have their say.Woman Attacked by Beau's PitbullWoman Survives Bear Attack

What happens if you click the link? In our first wave of the attack, we've identified 45+ different websites, which, like the previous waves of news headline malware, seem to be hosted on sites which have been compromised for this purpose.

UPDATE: Now we're seeing "/news/" as a valid path, instead of the earlier "/index2.html". We'll keep an eye out on this trend . . . so far there is not actually any content on these "/news/" pages, however they are all currently resolving to the same IP. Perhaps the spammer just got ahead of himself?

Sites are hosted around the world, including the United States, Brasil, France, Italy, and Poland. Analysis of the malware and the websites by UAB students shows that it is clearly related to previous "news" campaigns, though you'll forgive me if we don't share all of those details here.

As before, malware detection is far from complete in the anti-virus community. A scan of this malware on VirusTotal still shows only 16 of 36 different detect the virus, although I'm happy to report that Symantec is now among those who do. (McAfee, Trend, and Microsoft are still among those who do not.)

The challenge to those wishing to block the virus is the same as we've been dealing with. The current malware name is "get_flash_update.exe", but even blocking by name may not be adequate. One of the website tricks is to cause machines to download the malware via a javascript program. In the javascript program, the name of the file is interspersed with "garbage characters", which are then removed by the program when it comes time to save the file.

For example:

g(e(t_f&l*a^s#h_$u!p*(date)#.!%e^xe!'

is followed by a command to remove:

replace(/\!|@|#|\$|%|\^|&|\*|\(|\)

which leads to the name to be stored being:

get_flash_update.exe

The actual filename then, would never occur in the web filters.

These viruses are on legitimate websites which have been compromised. Blocking the websites will protect your business, but may block a real company as penalty for their compromise. We are still working with webmasters and providers to learn how the sites are being compromised, but the leading theory at the moment is via an FTP password compromise.